Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2023-06-07 17:34 cleanmgr.exe  

33108fe9d2b46a295190763ebb4083f7


AgentTesla PWS .NET framework browser info stealer Google Chrome User Data Downloader UPX Admin Tool (Sysinternals etc ...) ScreenShot Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE Fi Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed keylogger
1 4 3 15.6 M 29 ZeroCERT

2 2023-05-30 17:36 internet.exe  

993d95f1880cbd2145649f02734b2a94


AgentTesla browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key DDNS crashed
2 2 12.2 M 37 ZeroCERT

3 2023-05-26 17:50 IE_NET.exe  

9e925b69e3dbb48c606de897284d31ae


AgentTesla PWS .NET framework RAT browser info stealer Generic Malware Google Chrome User Data Downloader UPX Antivirus ScreenShot Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger
1 6 3 14.8 M 27 ZeroCERT

4 2023-05-26 09:18 TEMP_CACHE.exe  

9dae5ebee8904addaff745946ade5d9c


AgentTesla browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Remcos VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself suspicious process Windows ComputerName DNS Cryptographic key DDNS
1 4 3 10.6 M 38 ZeroCERT

Total: 4 submissions